Hi Ed Id say what you are asking is a no with a single vip.
However if you chain a vip with all ssl tls allowed on the first vip with an acl Then rather than your backend being real servers make the backend 2 more vips one with the tls version and another without that would work very well for you. acl alltls goto alltlsVIP acl sometls goto sometlsVIP The syntax is not correct but im sure toy get the idea. Have same ssl cert for sni on all 3 vips change your tls and cipher options on the 2 backend vips and mirror your real servers there. On 9 Jun 2016 22:36, "Eduard Martinescu" <[email protected]> wrote: > Some googling didn't turn up what I was looking for so I thought I would > ask here. > > Is it possible to enable different TLS version on a per hostname basis vis > SNI? > > So, with a single > > frontend ssl_app > bind 10.0.0.1:443 ssl crt mycrt crt /my/crt/directory > > Is there a way for that ssl_app frontend to allow TLS 1.0 for some subset > of SNI hostnames, while disallowing it for others? Or can I only enable it > for all or none? > > Ed > > ------------------------------ > Eduard Martinescu ✉ <[email protected]> > Principal Software Engineer > Office: 585.708.9685 ✆ <+15857089685> > [image: http://www.salsalabs.com] <http://www.salsalabs.com/> > DonorPro merged with Salsa, read about it here. > <https://www.salsalabs.com/about/news/salsa-labs-and-donorpro-unite> >
